How to get started with Mobile Device Management in the Cloud

The MDM for Office 365 and Microsoft Intune solutions provide excellent tools for delivering a more secure and integrated experience for access to corporate applications and services across all sorts of mobile devices, a challenge many organizations face when they intentionally or unofficially adopt a “bring-your-own-device” (BYOD) approach.

To get access to tools for Mobile Device Management (MDM), Identity and Access Management, and Information Protection, one approach is to look at the Enterprise Mobility Suite (EMS).
EMS is a suite of cloud services that manages devices, controls access and protects corporate data on devices, both within the applications and when the data is in transit. The EMS subscription includes Azure AD Premium (for Identity/Access Management), Azure Rights Management (for Information Protection and Rights Management) and Microsoft Intune (for MDM and Mobile Application Management).

Basic Mobile Device Management (MDM) capabilities are built into a range of Office 365 subscriptions, and these features can help secure and manage mobile devices such as iPhones, iPads, Android devices, and Windows Phones used by licensed Office 365 users in the organization.

MDM for Office 365 can be used to secure and manage the following types of devices:

Windows Phone 8.1

iOS 7.1 or later versions

Android 4 or later versions

Windows 8.1*

Windows 8.1 RT*

* Access control for Windows 8.1 and Windows 8.1 RT devices is limited to Exchange ActiveSync.

Currently, the supported apps for Office 365 MDM are:

Exchange Online

SharePoint Online

OneDrive for Business

The following diagram shows the process when a user with a new device signs in to an app that supports access control with MDM for Office 365.
The user is blocked from accessing Office 365 resources in the app until the device is enrolled.

With MDM for Office 365, the Office 365 administrator can create policy settings to help secure and manage mobile devices that connect to the organization’s Office 365 resources.
The MDM policy settings that can block users from accessing Office 365 resources are divided into these sections:

For more advanced capabilities, such as the ability to manage a wider range of mobile devices and computers, and the option to integrate with an on-premises System Center 2012 Configuration Manager, Microsoft Intune provides a powerful solution with more features and more security options.